Foundry.Audit.Event (foundry v0.1.4)

Copy Markdown

An append-only audit log entry. Records all approval events, apply events, and compliance-relevant state transitions for :sensitive and :compliance proposals.

Storage

Events are stored as JSONL records in .foundry/audit.jsonl in the target project's repository (ADR-015). Each state transition appends one line and commits the file. The git history of audit.jsonl is the authoritative inspection tool — git log -p .foundry/audit.jsonl shows every append with committer identity and timestamp.

This Ash resource is the schema and validation layer. Foundry.Audit.EventStore handles reading and writing the JSONL file.

Immutability

No update or destroy actions exist. The append-only constraint is enforced by policy. Attempting to modify or delete an audit event is an error.

Export

mix foundry.audit.export --from=<date> --to=<date> reads the JSONL file, filters by timestamp, and outputs a formatted JSON array. For regulatory inspection, the git history is the primary evidence — the export is convenience.

ADR

ADR-014 §Audit Log. ADR-015 §Audit Log Format.

Summary

Types

t()

Functions

default_short_name()
input(opts)

Validates that the keys in the provided input are valid for at least one action on the resource.

input(opts, action)

Same as input/1, except restricts the keys to values accepted by the action provided.

primary_key_matches?(left, right)

Types

t()

@type t() :: %Foundry.Audit.Event{
  __lateral_join_source__: term(),
  __meta__: term(),
  __metadata__: term(),
  __order__: term(),
  actor: term(),
  actor_role: term(),
  adr_link: term(),
  aggregates: term(),
  approval_slot: term(),
  calculations: term(),
  change_class: term(),
  commit_sha: term(),
  diff_hash: term(),
  event_type: term(),
  id: term(),
  inserted_at: term(),
  notes: term(),
  occurred_at: term(),
  proposal_id: term(),
  updated_at: term()
}

Functions

default_short_name()

input(opts)

@spec input(values :: map() | Keyword.t()) :: map() | no_return()

Validates that the keys in the provided input are valid for at least one action on the resource.

Raises a KeyError error at compile time if not. This exists because generally a struct should only ever be created by Ash as a result of a successful action. You should not be creating records manually in code, e.g %MyResource{value: 1, value: 2}. Generally that is fine, but often with embedded resources it is nice to be able to validate the keys that are being provided, e.g

Resource
|> Ash.Changeset.for_create(:create, %{embedded: EmbeddedResource.input(foo: 1, bar: 2)})
|> Ash.create()

input(opts, action)

@spec input(values :: map() | Keyword.t(), action :: atom()) :: map() | no_return()

Same as input/1, except restricts the keys to values accepted by the action provided.

primary_key_matches?(left, right)